KCSAN: data-race in futex_wait_queue_me / mm_update_next_owner

Status: closed as invalid on 2019/11/19 14:44
First crash: 1069d, last: 1051d
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream KCSAN: data-race in futex_wait_queue_me / mm_update_next_owner (2) 139 480d 849d 0/24 auto-closed as invalid on 2021/07/07 21:48

Sample crash report:
BUG: KCSAN: data-race in futex_wait_queue_me / mm_update_next_owner

read to 0xffff8881074290a4 of 4 bytes by task 3269 on cpu 0:
 mm_update_next_owner+0x29f/0x460 kernel/exit.c:389
 exit_mm kernel/exit.c:484 [inline]
 do_exit+0x4c1/0x18f0 kernel/exit.c:804
 do_group_exit+0xb4/0x1c0 kernel/exit.c:921
 __do_sys_exit_group kernel/exit.c:932 [inline]
 __se_sys_exit_group kernel/exit.c:930 [inline]
 __x64_sys_exit_group+0x2e/0x30 kernel/exit.c:930
 do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290

write to 0xffff8881074290a4 of 4 bytes by task 3268 on cpu 1:
 freezer_count include/linux/freezer.h:121 [inline]
 freezable_schedule include/linux/freezer.h:173 [inline]
 futex_wait_queue_me+0x1a2/0x290 kernel/futex.c:2627
 futex_wait+0x19b/0x3f0 kernel/futex.c:2733
 do_futex+0xe9/0x18d0 kernel/futex.c:3644
 __do_sys_futex kernel/futex.c:3705 [inline]
 __se_sys_futex kernel/futex.c:3673 [inline]
 __x64_sys_futex+0x2cd/0x3f0 kernel/futex.c:3673
 do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 3268 Comm: syz-executor.4 Not tainted 5.4.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Crashes (4):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci2-upstream-kcsan-gce 2019/11/10 00:08 kcsan 94c006602e13 dc438b91 .config log report
ci2-upstream-kcsan-gce 2019/11/08 09:19 kcsan 94c006602e13 1e35461e .config log report
ci2-upstream-kcsan-gce 2019/10/28 16:37 kcsan 05f2236801fe 439d7b14 .config log report
ci2-upstream-kcsan-gce 2019/10/23 03:50 kcsan 05f2236801fe d0686497 .config log report
* Struck through repros no longer work on HEAD.